This "broken" __heartbeat__ since you now get a warning::
"check_xframe_options_middleware": {
"status": "warning",
"level": 30,
"messages": {
"security.W002": "You do not have 'django.middleware.clickjacking.XFrameOptionsMiddleware' in your MIDDLEWARE_CLASSES, so your pages will not be served with an 'x-frame-options' header. Unless there is a good reason for your site to be served in a frame, you should consider enabling this header to help prevent clickjacking attacks."
}
}